Wired

last person joined: 6 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Remove All AAA Config From a Port

Jump to Best Answer
  • 1.  Remove All AAA Config From a Port

    Posted Oct 28, 2019 10:23 AM

    Dear all,

     

    whats the best practice to remove all AAA config from a profile.

    the NO command for the authenticon ( mac/authenticator works) pure functional works but i can remove the following settings 

    • aaa port-access authenticator tx-period 10
      aaa port-access authenticator supplicant-timeout 10
      aaa port-access authenticator client-limit 10
      aaa port-access mac-based addr-limit 10

    Thanks

     

     

     

     


    #2930F


  • 2.  RE: Remove All AAA Config From a Port
    Best Answer

    Posted Nov 06, 2019 12:06 PM

    For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

    sw01(config)# aaa port-access authenticator 5 tx-period 10
    sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10
    sw01(config)# aaa port-access authenticator 5 client-limit 10
    sw01(config)# aaa port-access mac-based 5 addr-limit 10
    sw01(config)# show running-config interface 5
    
    Running configuration:
    
    interface 5
       untagged vlan 6
       aaa port-access authenticator tx-period 10
       aaa port-access authenticator supplicant-timeout 10
       aaa port-access authenticator client-limit 10
       aaa port-access mac-based addr-limit 10
       exit
    
    sw01(config)# aaa port-access authenticator 5 tx-period 30
    sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30
    sw01(config)# no aaa port-access authenticator 5 client-limit
    sw01(config)# aaa port-access mac-based 5 addr-limit 1
    sw01(config)# show running-config interface 5
    
    Running configuration:
    
    interface 5
       untagged vlan 6
       exit

    You can look up the default in the Security Access Guide from the ArubaOS switch configuration.



  • 3.  RE: Remove All AAA Config From a Port

    Posted Nov 08, 2019 11:27 AM

    We partially scripted it and just use this as a template:

     

    no aaa port-access xxx mixed
    no aaa port-access mac-based xxx
    no aaa port-access authenticator xxx client-limit
    no aaa port-access authenticator xxx
    no port-security xxx
    no spanning-tree xxx root-guard bpdu-protection
    int xxx
    name "xxx"
    untagged vlan xx
    ip source-lockdown
    disable
    enable
    exit

     

    TBB



  • 4.  RE: Remove All AAA Config From a Port

    Posted Jan 05, 2020 06:46 AM